STATECHARTS VIA PROCESS ALGEBRA


GERALD LÜTTGEN*, MICHAEL VON DER BEECK+, AND RANCE CLEAVELAND*

Abstract. Statecharts is a visual language for specifying the behavior of reactive systems. The language extends finite-state machines with concepts of hierarchy, concurrency, and priority. Despite its popularity as a design notation for embedded systems, precisely defining its semantics has proved extremely challenging. In this paper, a simple process algebra, called Statecharts Process Language (SPL), is presented, which is expressive enough for encoding Statecharts in a structure-preserving and semantics-preserving manner. It is established that the behavioral relation bisimulation, when applied to SPL, preserves Statecharts semantics.

Key words. bisimulation, compositionality, operational semantics, process algebra, Statecharts

Subject classification. Computer Science 

1. Introduction. Statecharts is a visual language for specifying the behavior of reactive systems [7]. The language extends the traditional notation of finite-state machines with concepts of (i) hierarchy, so that one may speak of a state as having sub-states, (ii) concurrency, thereby allowing the definition of systems having simultaneously active subsystems, and (iii) priority, so that one may express that certain system activities have precedence over others. Statecharts has become popular among engineers as a design notation for embedded systems, and commercially available tools provide support for it [10]. Nevertheless, precisely defining the semantics of the language has proved extremely challenging, with a variety of proposals [8, 9, 18, 19, 21, 28, 29] being offered for several dialects [34] of the language. While the research results have yielded insight into different aspects of the notation, no definitive account has emerged. This has an obviously undesirable practical ramification: tool builders for Statecharts must resort to ad hoc decisions in their implementations of semantically-based tools, such as model checkers [16, 23], and this means that designs developed by engineers have a meaning that may vary from implementation to implementation.

The semantic subtlety of Statecharts arises from the language's capability for defining transitions whose enablement disables other transitions. A Statechart may react to an event by engaging in an enabled transition, thereby performing a so-called micro step, which may generate new events that may in turn trigger new transitions while disabling others. When this chain reaction comes to a halt, one execution step, a so-called macro step, is complete. Technically, the difficulty for defining an operational semantics capturing the “macro-step” behavior of Statecharts arises from the fact that such a semantics should exhibit the following desirable properties: (i) the synchrony hypothesis [2], which guarantees that a reaction to an external event terminates before the next event enters the system, (ii) compositionality, which ensures that the semantics of a Statechart is defined in terms of the semantics of its components, and (iii) causality, which demands that the participation of each transition in a macro step must be causally justified. Huizing and Gerth showed that an operational semantics in which transitions are labeled purely by sets of events, i.e., the “observations” a user would make, cannot be given, if one wishes all three properties to hold [15]. In fact, the traditional semantics of Statecharts, as defined by Pnueli and Shalev [28], satisfies the synchrony hypothesis and causality, but is not compositional. Other approaches [17, 18, 31] have achieved all three goals, but at the expense of including complex information regarding causality in transition labels.

While not as well-established in practice, process algebras [1, 12, 24] offer many of the semantic advantages that have proved elusive in Statecharts. In general, these theories are operational, and place heavy emphasis on issues of compositionality through the study of congruence relations, such as bisimulation [24, 25]. Many of the behavioral aspects of Statecharts have also been studied in the setting of process algebra. For example, the synchrony hypothesis is related to the maximal progress assumption developed in timed process algebras [11, 35]. In these algebras, event transitions and “clock” transitions are distinguished, with only the latter representing the advance of time. Maximal progress then ensures that time may proceed only if the system under consideration cannot engage in internal computation. Clocks may therefore be viewed as “bundling” sequences of event transitions, which may be thought of as analogous to “micro steps,” into a single “time step,” which may be seen as a “macro step.” The traditional SOS-style presentations of process algebras capture a notion of “causality” à la Statecharts. The concept of priority has also been studied in process-algebraic settings [4], and the Statecharts hierarchy operator is related to the disabling operator of LOTOS [3].

In this paper, we present a new, process-algebraic semantics of Statecharts. Our approach involves synthesizing the observations above; specifically, we present a new process algebra, called Statecharts Process Language (SPL), and we show that it is expressive enough for embedding several Statecharts variants. SPL is inspired by Hennessy and Regan's Timed Process Language (TPL) [11], in that it extends Milner's CCS [24] by the concept of an abstract, global clock. Our algebra replaces the handshake communication of TPL by a multi-event communication, and introduces a mechanism to specify priority among transitions as well as a hierarchy operator [32]. The operational semantics of SPL uses SOS rules [26] to define a transition relation whose elements are labeled with simple sets of events; then, using traditional process-algebraic results we show that SPL has a compositional semantic theory based on bisimulation. We connect SPL with Statecharts by embedding the variant of the language considered by Maggiolo-Schettini et al. in [18]. More precisely, we define a compositional translation from Statecharts to SPL that preserves the macro-step semantics of the former. This result crucially depends on our treatment of the SPL macro-step transition relation as a derived one: the standard SPL transition relation becomes in essence a micro-step semantics. Thus, while our macro-step semantics cannot be compositional (see the result of Huizing and Gerth [15]), we obtain a compositional theory, in the form of a semantic congruence, at a lower, micro-step level. In addition to the usual benefits conferred by compositional reasoning, this semantics has a practical advantage: given the unavoidable complexity of inferring macro steps, actual users of Statecharts would benefit from a finer-grained semantics that helps them understand how the macro steps of their systems are arrived at.

The remainder of this paper is organized as follows. The next section gives a brief introduction to Statecharts, while Section 3 defines the process algebra SPL. Sections 4 and 5 formalize our embedding of Statecharts semantics in SPL and present our main technical results, respectively. Section 6 shows the flexibility of our approach by examining its adaptability to other Statechart variants. Related work is discussed in Section 7. Finally, Section 8 gives our conclusions and directions for future research.
2. Statecharts. Statecharts is a specification language for reactive systems [27], i.e., concurrent systems which are characterized by their ongoing interaction with their environment. They subsume finite state machines whose transitions are labeled by pairs of events, where the first component is referred to as trigger and may include negated events, and the second component is referred to as action. Intuitively, if the environment offers the events in the trigger, but not the negated ones, then the transition is triggered and can be executed; it fires, thereby producing the events in the label's action. Concurrency is achieved by allowing complex Statecharts to be composed from more simple ones running in parallel, which may communicate via broadcasting events. Elementary, or basic states in Statecharts may also be hierarchically refined by injecting other Statecharts. Concurrency and hierarchy are especially important concepts, since they allow for bottom-up and top-down specifications of systems.


Fig. 2.1. Example Statechart (figure not reproduced; its states n1 to n9 and its transitions t1: ¬a/b, t2: b/c and t3: b/a are described in the text below)

As an example, consider the Statechart depicted in Figure 2.1. It consists of a so-called and-state, labeled by $n_9$, which denotes the parallel composition of the two Statecharts labeled by $n_3$ and $n_8$. Actually, $n_3$ and $n_8$ are the names of or-states, describing sequential state machines. The first consists of two states $n_1$ and $n_2$ that are connected via transition $t_1$ with label $\neg a/b$. The label specifies that $t_1$ is triggered by $\neg a$, i.e., by the absence of event $a$, and produces event $b$. States $n_1$ and $n_2$ are not refined further and, therefore, are also referred to as basic states. Or-state $n_8$ is refined by or-state $n_6$ and basic state $n_7$, connected via transition $t_3$ labeled by $b/a$. Or-state $n_6$ is further refined by basic states $n_4$ and $n_5$, and transition $t_2$ labeled by $b/c$.

It should be mentioned that the variant of Statecharts considered here does not include “features” present in some other variants. In particular, we prohibit interlevel transitions, i.e., transitions crossing borderlines of states, and triggers of the form $\mathrm{in}_n$, where $n$ is the name of a state. Moreover, state hierarchy does not impose implicit priorities on transitions, where transitions on higher levels of the hierarchy have precedence over transitions on lower levels; e.g., transition $t_3$ does not have priority over transition $t_2$ in our example. The impact of altering our approach to accommodate these concepts is discussed in Section 6.

2.1. Statecharts Terms. For our purposes, it is convenient to represent Statecharts not visually but by terms. This is also done in related work [17, 18, 31], and our approach closely follows the one described in [18]. Formally, let $\mathcal{N}$ be a countable set of names for Statecharts states, $\mathcal{T}$ be a countable set of names for Statecharts transitions, and $\Pi$ be a countable set of Statecharts events. Moreover, we associate with every event $e \in \Pi$ its negated counterpart $\neg e$. We also lift negation to negated events by defining $\neg\neg e =_{df} e$. Finally, we write $\neg E$ for $\{\neg e \mid e \in E\}$, if $E \subseteq \Pi \cup \{\neg e \mid e \in \Pi\}$. Then, the set of Statecharts terms is defined to be the least set satisfying the following rules.






1. Basic state: If $n \in \mathcal{N}$, then $s = [n]$ is a Statecharts term.

2. Or-state: If $n \in \mathcal{N}$, $s_1, \ldots, s_k$ are Statecharts terms for $k > 0$, $T \subseteq \mathcal{T} \times \{1, \ldots, k\} \times 2^{\Pi \cup \neg\Pi} \times 2^{\Pi} \times \{1, \ldots, k\}$, and $1 \le l \le k$, then $s = [n : (s_1, \ldots, s_k); l; T]$ is a Statecharts term. Intuitively, $s_1, \ldots, s_k$ are the sub-states of $s$, and $T$ is the set of transitions between these states. The Statechart $s_1$ is the default state of $s$, while $s_l$ is the state that is currently active; initially, $l = 1$.

3. And-state: If $n \in \mathcal{N}$, and $s_1, \ldots, s_k$ are Statecharts terms for $k > 0$, then $s = [n : (s_1, \ldots, s_k)]$ is a Statecharts term.

We refer to $n$ as the root of $s$ and write $\mathrm{root}(s) =_{df} n$. If $t = (t', i, E, A, j) \in T$ is a transition of or-state $[n : (s_1, \ldots, s_k); l; T]$, then we define $\mathrm{name}(t) =_{df} t'$, $\mathrm{out}(t) =_{df} s_i$, $\mathrm{ev}(t) =_{df} E$, $\mathrm{act}(t) =_{df} A$, and $\mathrm{in}(t) =_{df} s_j$.

Table 2.1

States and transitions of Statecharts terms

$$\begin{array}{ll}
\mathrm{states}([n]) =_{df} \{n\} & \mathrm{trans}([n]) =_{df} \emptyset \\
\mathrm{states}([n : \vec{s}; l; T]) =_{df} \{n\} \cup \bigcup\{\mathrm{states}(s_i) \mid 1 \le i \le k\} & \mathrm{trans}([n : \vec{s}; l; T]) =_{df} T \cup \bigcup\{\mathrm{trans}(s_i) \mid 1 \le i \le k\} \\
\mathrm{states}([n : \vec{s}]) =_{df} \{n\} \cup \bigcup\{\mathrm{states}(s_i) \mid 1 \le i \le k\} & \mathrm{trans}([n : \vec{s}]) =_{df} \bigcup\{\mathrm{trans}(s_i) \mid 1 \le i \le k\}
\end{array}$$


We write $\mathrm{SC}$ for the set of Statecharts terms, in which (i) all state names and transition names are mutually disjoint, (ii) no transition $t$ produces an event that contradicts its trigger, i.e., $\mathrm{ev}(t) \cap \neg\mathrm{act}(t) = \emptyset$, and (iii) no transition $t$ produces an event that is included in its trigger, i.e., $\mathrm{ev}(t) \cap \mathrm{act}(t) = \emptyset$. As a consequence of (i), states and transitions in Statecharts terms are uniquely referred to by their name. For convenience, we often identify a Statecharts state $s$ and transition $t$ with its name $\mathrm{root}(s)$ and $\mathrm{name}(t)$, respectively. The sets $\mathrm{states}(s)$ and $\mathrm{trans}(s)$ of all states and transitions of $s$ are inductively defined on the structure of $s$, as depicted in Table 2.1, where $\vec{s} = (s_1, \ldots, s_k)$. Finally, let us return to our example Statechart in Figure 2.1 and present it as a Statecharts term $s_9 \in \mathrm{SC}$. For our framework, we choose $\Pi =_{df} \{a, b, c\}$, $\mathcal{N} =_{df} \{n_1, n_2, \ldots, n_9\}$, and $\mathcal{T} =_{df} \{t_1, t_2, t_3\}$.

$$\begin{array}{lll}
s_9 =_{df} [n_9 : (s_3, s_8)] & s_3 =_{df} [n_3 : (s_1, s_2); 1; \{(t_1, 1, \{\neg a\}, \{b\}, 2)\}] & s_1 =_{df} [n_1] \\
s_2 =_{df} [n_2] & s_8 =_{df} [n_8 : (s_6, s_7); 1; \{(t_3, 6, \{b\}, \{a\}, 7)\}] & s_7 =_{df} [n_7] \\
s_4 =_{df} [n_4] & s_6 =_{df} [n_6 : (s_4, s_5); 1; \{(t_2, 4, \{b\}, \{c\}, 5)\}] & s_5 =_{df} [n_5]
\end{array}$$

2.2. Statecharts Semantics. In the remainder of this section, we formally present the semantics of Statecharts terms as it is defined in [18], which is a slight variant of the “traditional” semantics proposed by Pnueli and Shalev [28]. More precisely, this semantics differs from [28] in that it does not allow the step-construction function, which we present below, to fail. The semantics of a Statecharts term $s$ is a transition system, whose states and transitions are referred to as configurations and macro steps, respectively. Configurations of $s$ are usually sets $\mathrm{config}(s)$ of the names of those states which are currently active [28]. We define $\mathrm{config}(s)$ along the structure of $s$: (i) $\mathrm{config}([n]) =_{df} \{n\}$, (ii) $\mathrm{config}([n : (s_1, \ldots, s_k); l; T]) =_{df} \{n\} \cup \mathrm{config}(s_l)$, and (iii) $\mathrm{config}([n : (s_1, \ldots, s_k)]) =_{df} \{n\} \cup \bigcup\{\mathrm{config}(s_i) \mid 1 \le i \le k\}$. However, for our purposes it is more convenient to use Statecharts terms for configurations, as every or-state contains a reference to its active sub-state. Consequently, the default configuration $\mathrm{default}(s)$ of Statecharts term $s$ may be defined inductively as follows: (i) $\mathrm{default}([n]) =_{df} [n]$, (ii) $\mathrm{default}([n : (s_1, \ldots, s_k); l; T]) =_{df} [n : (\mathrm{default}(s_1), \ldots, \mathrm{default}(s_k)); 1; T]$, and (iii) $\mathrm{default}([n : (s_1, \ldots, s_k)]) =_{df} [n : (\mathrm{default}(s_1), \ldots, \mathrm{default}(s_k))]$. As mentioned before, a Statechart reacts to the arrival of some external events by triggering enabled micro steps, possibly in a chain-reaction like manner, thereby performing a macro step. More precisely, a macro step comprises a maximal set of micro steps, or transitions, that are triggered by events offered by the environment or generated by other micro steps, that are mutually consistent, compatible, and relevant, and that obey causality. The Statecharts principle of global consistency, which prohibits an event to be present and absent in the same macro step, is subsumed by the notions of triggered and compatible.

Table 2.2

Step-construction function

    function step-construction(s, E);
      var T := ∅;
      while T ⊂ enabled(s, E, T) do
        choose t ∈ enabled(s, E, T) \ T;
        T := T ∪ {t}
      od;
      return T

Table 2.3

Function update

$$\begin{array}{l}
\mathrm{update}([n], T') =_{df} [n] \qquad\qquad \mathrm{update}([n : \vec{s}], T') =_{df} [n : (\mathrm{update}(s_1, T_1), \ldots, \mathrm{update}(s_k, T_k))] \\[1ex]
\mathrm{update}([n : \vec{s}; l; T], T') =_{df} \left\{\begin{array}{ll}
[n : \vec{s}; l; T] & \text{if } T' = \emptyset \\
[n : (s_1, \ldots, \mathrm{update}(s_l, T'), \ldots, s_k); l; T] & \text{if } \emptyset \ne T' \subseteq \mathrm{trans}(s_l) \\
[n : (s_1, \ldots, \mathrm{default}(s_m), \ldots, s_k); m; T] & \text{if } \emptyset \ne T' = \{(t', l, E, A, m)\} \subseteq T \\
\text{undefined} & \text{otherwise}
\end{array}\right.
\end{array}$$

A transition $t \in \mathrm{trans}(s)$ is consistent with $T \subseteq \mathrm{trans}(s)$, in signs $t \in \mathrm{consistent}(s, T)$, if $t$ is not in the same parallel component as any transition in $T$. Formally,

$$\mathrm{consistent}(s, T) =_{df} \{t \in \mathrm{trans}(s) \mid \forall t' \in T.\ t \perp_s t'\} \qquad (2.1)$$

Here, we write $t \perp_s t'$, if $t = t'$, or if there exists an and-state $[n : (s_1, \ldots, s_k)]$ in $s$, i.e., $n \in \mathrm{states}(s)$, such that $t \in \mathrm{trans}(s_i)$ and $t' \in \mathrm{trans}(s_j)$ for some $1 \le i, j \le k$ satisfying $i \ne j$.

A transition $t \in \mathrm{trans}(s)$ is compatible to all transitions in $T \subseteq \mathrm{trans}(s)$, in signs $t \in \mathrm{compatible}(s, T)$, if no event produced by $t$ appears negated in a trigger of a transition in $T$. Formally,

$$\mathrm{compatible}(s, T) =_{df} \{t \in \mathrm{trans}(s) \mid \forall t' \in T.\ \mathrm{act}(t) \cap \neg\mathrm{ev}(t') = \emptyset\} \qquad (2.2)$$

A transition $t \in \mathrm{trans}(s)$ is relevant for $s$, in signs $t \in \mathrm{relevant}(s)$, if the root of the source state of $t$ is in the configuration of $s$. Formally,

$$\mathrm{relevant}(s) =_{df} \{t \in \mathrm{trans}(s) \mid \mathrm{root}(\mathrm{out}(t)) \in \mathrm{config}(s)\} \qquad (2.3)$$

A transition $t \in \mathrm{trans}(s)$ is triggered by a set $E$ of events, in signs $t \in \mathrm{triggered}(s, E)$, if the positive, but not the negative, trigger events of $t$ are in $E$. Formally,

$$\mathrm{triggered}(s, E) =_{df} \{t \in \mathrm{trans}(s) \mid \mathrm{ev}(t) \cap \Pi \subseteq E \text{ and } \neg(\mathrm{ev}(t) \cap \neg\Pi) \cap E = \emptyset\} \qquad (2.4)$$

Finally, a transition $t$ is enabled in configuration $s$ regarding a set $E$ of events and a set $T$ of transitions, if $t \in \mathrm{enabled}(s, E, T)$, where

$$\mathrm{enabled}(s, E, T) =_{df} \mathrm{relevant}(s) \cap \mathrm{consistent}(s, T) \cap \mathrm{triggered}\Big(s, E \cup \bigcup_{t \in T} \mathrm{act}(t)\Big) \cap \mathrm{compatible}(s, T) \qquad (2.5)$$



Unfortunately, this formalism is still not rich enough to causally justify the triggering of each transition. The principle of causality may be introduced by computing macro steps, i.e., sets of transition names, using the nondeterministic step-construction function presented in Table 2.2. This function is adopted from [18], where also its soundness and completeness relative to the classical approach via the notion of inseparability of transitions [28] are stated. Note that the maximality of each macro step implements the synchrony hypothesis of Statecharts. The set of all macro steps that can be constructed using function step-construction, relative to a Statecharts term $s$ and a set $E$ of environment events, is denoted by $\mathrm{step}(s, E) \subseteq 2^{\mathcal{T}}$. For a set $T \in \mathrm{step}(s, E)$, Statecharts term $s$ may evolve in a (single) macro step to term $s' =_{df} \mathrm{update}(s, T)$ when triggered by the environment events in $E$ and, thereby, produce the events in $A =_{df} \bigcup\{\mathrm{act}(t) \mid t \in T\}$. We denote this macro step by
The function $\mathrm{update}$ is defined in Table 2.3, where $\vec{s} =_{df} (s_1, \ldots, s_k)$ and $T_i =_{df} T' \cap \mathrm{trans}(s_i)$, for $1 \le i \le k$. Observe that at most one transition of $T$ may be enabled at the top-level of an or-state; thus, the “otherwise” case in Table 2.3 cannot occur in our context. Intuitively, $\mathrm{update}(s, T)$, for $T \subseteq \mathrm{trans}(s)$, re-defines the active states of $s$ when the transitions in $T$ are executed.
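The following Python program is an added worked example, not code from the paper: it implements the predicates (2.1) to (2.5), the nondeterministic step-construction function of Table 2.2 (exploring every choice of t, so that it returns the whole set step(s, E)) and the function update of Table 2.3, and runs them on the term s_9 of Figure 2.1. As an assumption made here for readability, a transition names its source and target sub-state instead of giving its index, and a negated event ¬e is written as the string "~e".

```python
"""Statecharts terms, step-construction and update (Section 2), as a worked example.
Terms are tuples ('basic', n), ('or', n, subs, l, T) and ('and', n, subs); a
transition is (t, out, ev, act, in) with out/in holding state names (assumption)."""
from itertools import chain

def neg(e):                        # negation on events, with ~~e = e
    return e[1:] if e.startswith("~") else "~" + e

def subs(s):                       # sub-states of an or- or and-state
    return () if s[0] == "basic" else s[2]

def trans(s):                      # Table 2.1
    own = s[4] if s[0] == "or" else frozenset()
    return own | frozenset(chain.from_iterable(trans(c) for c in subs(s)))

def config(s):                     # names of the currently active states
    if s[0] == "basic":
        return {s[1]}
    if s[0] == "or":
        return {s[1]} | config(s[2][s[3] - 1])
    return {s[1]} | set(chain.from_iterable(config(c) for c in s[2]))

def default(s):                    # default configuration of s
    if s[0] == "basic":
        return s
    ds = tuple(default(c) for c in s[2])
    return ("or", s[1], ds, 1, s[4]) if s[0] == "or" else ("and", s[1], ds)

def orthogonal(s, t, u):           # t ⊥_s u: equal, or in distinct components of an and-state
    if t == u:
        return True
    if s[0] == "and" and any(t in trans(c) and u in trans(d)
                             for c in s[2] for d in s[2] if c != d):
        return True
    return any(orthogonal(c, t, u) for c in subs(s))

def consistent(s, T):              # (2.1)
    return {t for t in trans(s) if all(orthogonal(s, t, u) for u in T)}

def compatible(s, T):              # (2.2): act(t) ∩ ¬ev(u) = ∅ for every u in T
    return {t for t in trans(s)
            if not any(t[3] & {neg(e) for e in u[2]} for u in T)}

def relevant(s):                   # (2.3): the source state is in the configuration
    return {t for t in trans(s) if t[1] in config(s)}

def triggered(s, E):               # (2.4): positive triggers present, negated ones absent
    return {t for t in trans(s)
            if {e for e in t[2] if not e.startswith("~")} <= E
            and not {e[1:] for e in t[2] if e.startswith("~")} & E}

def enabled(s, E, T):              # (2.5)
    gen = set(E) | set(chain.from_iterable(t[3] for t in T))
    return relevant(s) & consistent(s, T) & triggered(s, gen) & compatible(s, T)

def steps(s, E):
    """step(s, E): every result of Table 2.2, following each nondeterministic choice."""
    def go(T):
        en = enabled(s, E, T)
        if not T < en:                         # loop guard T ⊂ enabled(s, E, T) fails
            return {T}
        return set().union(*(go(T | {t}) for t in en - T))
    return go(frozenset())

def update(s, Tp):                 # Table 2.3
    if s[0] == "basic" or not Tp:
        return s
    if s[0] == "and":
        return ("and", s[1], tuple(update(c, Tp & trans(c)) for c in s[2]))
    _, n, ss, l, T = s
    if Tp <= trans(ss[l - 1]):                 # all of T' lies inside the active sub-state
        return ("or", n, ss[:l - 1] + (update(ss[l - 1], Tp),) + ss[l:], l, T)
    (t,) = Tp                                  # exactly one top-level transition fires
    if t not in T or t[1] != ss[l - 1][1]:
        raise ValueError("update is undefined for this T'")
    m = [c[1] for c in ss].index(t[4]) + 1
    return ("or", n, ss[:m - 1] + (default(ss[m - 1]),) + ss[m:], m, T)

# The Statechart of Figure 2.1, transcribed from the term s_9 of Section 2.1
t1 = ("t1", "n1", frozenset({"~a"}), frozenset({"b"}), "n2")
t2 = ("t2", "n4", frozenset({"b"}), frozenset({"c"}), "n5")
t3 = ("t3", "n6", frozenset({"b"}), frozenset({"a"}), "n7")
s3 = ("or", "n3", (("basic", "n1"), ("basic", "n2")), 1, frozenset({t1}))
s6 = ("or", "n6", (("basic", "n4"), ("basic", "n5")), 1, frozenset({t2}))
s8 = ("or", "n8", (s6, ("basic", "n7")), 1, frozenset({t3}))
s9 = ("and", "n9", (s3, s8))

if __name__ == "__main__":
    for E in (set(), {"b"}):
        for T in steps(s9, E):    # with E = {b}, both {t3} and {t1, t2} are macro steps
            print(sorted(E), sorted(t[0] for t in T), sorted(config(update(s9, T))))
```

With E = {b} the program exhibits global consistency: choosing t3 first generates a, which untriggers t1, while choosing t1 first makes t3 incompatible because it would generate the event t1 requires absent.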

2.3. Compositional Characterization of enabled. We conclude this section about Statecharts with a compositional characterization of $\mathrm{enabled}$, which will be needed later in the paper. For this purpose, we augment $\mathrm{enabled}$ with a fourth argument $A \subseteq \Pi$ which contains the events that must not be generated by enabled transitions. Formally, we define $\mathrm{enabled} : \mathrm{SC} \times 2^{\Pi} \times 2^{\Pi} \times 2^{\mathcal{T}} \to 2^{\mathcal{T}}$ by

$$\mathrm{enabled}(s, E, A, T) =_{df} \mathrm{relevant}(s) \cap \mathrm{consistent}(s, T) \cap \mathrm{triggered}\Big(s, E \cup \bigcup_{t \in T} \mathrm{act}(t)\Big) \cap \mathrm{compatible}(s, A, T)$$

where $\mathrm{compatible}(s, A, T) =_{df} \{t \in \mathrm{trans}(s) \mid \mathrm{act}(t) \cap (A \cup \bigcup_{t' \in T} \neg(\mathrm{ev}(t') \cap \neg\Pi)) = \emptyset\}$. It is easy to see that the new definition of $\mathrm{enabled}$ extends the old one as follows: $\mathrm{enabled}(s, E, T) = \mathrm{enabled}(s, E, \emptyset, T)$. The extended version of $\mathrm{enabled}$ may now be compositionally characterized as follows.

Proposition 2.1. Let $s \in \mathrm{SC}$, $E, A \subseteq \Pi$, and $T' \subseteq \mathcal{T}$.

1. If $s = [n]$ is a basic state, then $\mathrm{enabled}(s, E, A, T') = \emptyset$.

2. If $s = [n : (s_1, \ldots, s_k); l; T]$ is an or-state, then

$$\mathrm{enabled}(s, E, A, T') = \left\{\begin{array}{ll}
\mathrm{enabled}(s_l, E, A, T') \cup \{t \in T \mid \mathrm{out}(t) = s_l,\ t \in \mathrm{triggered}(s, E) \cap \mathrm{compatible}(s, A, T')\} & \text{if } T' = \emptyset \\
\mathrm{enabled}(s_l, E, A, T') & \text{if } \emptyset \ne T' \subseteq \mathrm{trans}(s_l) \\
\{t' \mid t' \in \mathrm{triggered}(s, E) \cap \mathrm{compatible}(s, A, T')\} & \text{if } \emptyset \ne T' = \{t'\} \subseteq T,\ \mathrm{out}(t') = s_l \\
\emptyset & \text{otherwise}
\end{array}\right.$$

3. If $s = [n : (s_1, \ldots, s_k)]$ is an and-state, then $\mathrm{enabled}(s, E, A, T') = \bigcup_{1 \le i \le k} \mathrm{enabled}(s_i, E_i, A_i, T_i)$, where $E_i =_{df} E \cup \bigcup\{\mathrm{act}(t) \mid t \in T_j,\ j \ne i\}$, $A_i =_{df} A \cup \bigcup\{\neg(\mathrm{ev}(t) \cap \neg\Pi) \mid t \in T_j,\ j \ne i\}$, and $T_i =_{df} T' \cap \mathrm{trans}(s_i)$, for $1 \le i \le k$.

The proof of this proposition can be done by induction on the structure of $s$.

3. Process-Algebraic Framework. In this section, we present our process-algebraic framework which is inspired by timed process calculi such as Hennessy and Regan's TPL [11]. Our language, which we refer to as Statecharts Process Language (SPL), includes a special action $\sigma$ denoting the ticking of a global clock. SPL's semantic framework is based on a notion of transition system that involves two kinds of transitions, action transitions and clock transitions, modeling two different mechanisms of communication and synchronization in concurrent systems. The role of actions in process algebras corresponds to the one of events in Statecharts. A clock represents the progress of time, which manifests itself in a recurrent global synchronization event, the clock transition, in which all process components are forced to take part. However, action and clock transitions are not orthogonal concepts that can be specified independently from each other, but are connected via the maximal progress assumption [11, 35]. Maximal progress implies that progress of time is determined by the completion of internal computations and, thus, mimics the synchrony hypothesis of Statecharts. The key idea for embedding Statecharts terms in a timed process algebra is to represent a macro step as a sequence of micro steps that is enclosed by clock transitions, signaling the beginning and the end of the macro step, respectively. This sequence implicitly encodes causality and, thus, leads to a compositional semantics for Statecharts, whose practicality does not suffer from complicated transition labels including causal orders [17, 18, 31].

Unfortunately, existing timed process algebras are, in their original form, not suitable for embedding Statecharts. The reason is that Statecharts transitions may be labeled by multiple events and that some events may appear in their negated form. The former feature implies that in contrast to standard process algebras [1, 12, 24] processes may be forced to synchronize on more than one event simultaneously, and the latter feature is similar to mechanisms for handling priority [4]. Moreover, our framework must include an operator similar to the disabling operator of LOTOS [3] for resembling state hierarchy [32]. Our Statecharts Process Language combines these well-known concepts in a single process algebra, which is expressive and flexible enough for embedding several Statecharts variants, as we will show below.

3.1. Syntax. Formally, let $\mathcal{A}$ be a countable set of events or ports, and let $\sigma \notin \mathcal{A}$ be the distinguished clock event or clock tick. Based on $\mathcal{A}$, we define input actions in SPL to be of the form $(E, N)$, where $E, N \subseteq \mathcal{A}$, and output actions $E$ to be subsets of $\mathcal{A}$. In case of the input action $(\emptyset, \emptyset)$, we speak of an unobservable or internal action, which is also denoted by $\bullet$. Moreover, we let $\Lambda$ stand for the set of all input actions. In contrast to CCS [24], the syntax of SPL includes two different operators for dealing with input and output actions, respectively. The prefix operator “$(E, N).$” only permits prefixing with respect to input actions $(E, N)$ which are instantly consumed in a single step. Output actions $E$ are signaled to the environment of a process by attaching them to the process via the signal operator “$[E]\sigma(\cdot)$.” They remain visible until the next clock tick $\sigma$ occurs. The syntax of SPL is given by the following BNF

$$P ::= \mathbf{0} \;\mid\; X \;\mid\; (E, N).P \;\mid\; [E]\sigma(P) \;\mid\; P + P \;\mid\; P \rhd P \;\mid\; P \rhd_\sigma P \;\mid\; P \,|\, P \;\mid\; P \setminus L$$

where $L \subseteq \mathcal{A}$ is a restriction set, and $X$ is a process variable taken from some countable domain $\mathcal{V}$. We also allow the definition of equations $X =_{df} P$, where variable $X$ is assigned to term $P$. If $X$ occurs as a subterm of $P$, we say that $X$ is recursively defined. We adopt the usual definitions for open and closed terms and guarded recursion, and refer to the closed and guarded terms as processes [24]. The symbol $\mathcal{P}$ denotes the set of all processes and is ranged over by $P$ and $Q$. Finally, the operators $\rhd$ and $\rhd_\sigma$, called disabling and enabling operator, respectively, allow us to model state hierarchy.

3.2. Operational Semantics. The operational semantics of an SPL process $P \in \mathcal{P}$ is given by a labeled transition system $(\mathcal{P}, \Lambda \cup \{\sigma\}, \longrightarrow, P)$, where $\mathcal{P}$ is the set of states, $\Lambda \cup \{\sigma\}$ the alphabet, $\longrightarrow \subseteq \mathcal{P} \times (\Lambda \cup \{\sigma\}) \times \mathcal{P}$ the transition relation, and $P$ the start state. We refer to transitions with labels in $\Lambda$ as action transitions and to those with label $\sigma$ as clock transitions. For the sake of simplicity, we write $P \xrightarrow{(E, N)} P'$ instead of $(P, (E, N), P') \in \longrightarrow$ and $P \xrightarrow{\sigma} P'$ instead of $(P, \sigma, P') \in \longrightarrow$. We say that $P$ may engage in a transition labeled by $(E, N)$ or $\sigma$, respectively, and thereafter behave like process $P'$. The transition relation is defined in Tables 3.2 and 3.3 using operational rules. In contrast to CCS [24], our framework does not provide a concept of output action transitions, such that “matching” input and output action transitions synchronize with each other and, thereby, simultaneously change states. Instead, output actions are attached to SPL processes via the signal operator. In order to present our communication mechanism, we need to introduce initial output action sets, $\mathbb{I}(P)$, for $P \in \mathcal{P}$. These are defined as the least sets satisfying the equations in Table 3.1. Intuitively, $\mathbb{I}(P)$ collects all events which are initially offered by $P$.

Table 3.1

Initial output action sets

$$\begin{array}{lll}
\mathbb{I}([E]\sigma(P)) = E & \mathbb{I}(P + Q) = \mathbb{I}(P) \cup \mathbb{I}(Q) & \mathbb{I}(X) = \mathbb{I}(P) \text{ where } X = P \\
\mathbb{I}(P \,|\, Q) = \mathbb{I}(P) \cup \mathbb{I}(Q) & \mathbb{I}(P \setminus L) = \mathbb{I}(P) \setminus L & \\
\mathbb{I}(P \rhd Q) = \mathbb{I}(P) \cup \mathbb{I}(Q) & \mathbb{I}(P \rhd_\sigma Q) = \mathbb{I}(P) &
\end{array}$$

Table 3.2

Operational semantics (action transitions)

$$\begin{array}{ll}
\textbf{Act}\quad \dfrac{-}{(E, N).P \xrightarrow{(E, N)} P} &
\textbf{Rec}\quad \dfrac{P \xrightarrow{(E, N)} P'}{X \xrightarrow{(E, N)} P'}\ \ X = P \\[3ex]
\textbf{Sum1}\quad \dfrac{P \xrightarrow{(E, N)} P'}{P + Q \xrightarrow{(E, N)} P'} &
\textbf{Sum2}\quad \dfrac{Q \xrightarrow{(E, N)} Q'}{P + Q \xrightarrow{(E, N)} Q'} \\[3ex]
\textbf{Par1}\quad \dfrac{P \xrightarrow{(E, N)} P'}{P \,|\, Q \xrightarrow{(E \setminus \mathbb{I}(Q),\, N)} P' \,|\, Q}\ \ N \cap \mathbb{I}(Q) = \emptyset &
\textbf{Par2}\quad \dfrac{Q \xrightarrow{(E, N)} Q'}{P \,|\, Q \xrightarrow{(E \setminus \mathbb{I}(P),\, N)} P \,|\, Q'}\ \ N \cap \mathbb{I}(P) = \emptyset \\[3ex]
\textbf{Dis1}\quad \dfrac{P \xrightarrow{(E, N)} P'}{P \rhd Q \xrightarrow{(E, N)} P' \rhd_\sigma Q} &
\textbf{Dis2}\quad \dfrac{Q \xrightarrow{(E, N)} Q'}{P \rhd Q \xrightarrow{(E, N)} Q'} \\[3ex]
\textbf{En}\quad \dfrac{P \xrightarrow{(E, N)} P'}{P \rhd_\sigma Q \xrightarrow{(E, N)} P' \rhd_\sigma Q} &
\textbf{Res}\quad \dfrac{P \xrightarrow{(E, N)} P'}{P \setminus L \xrightarrow{(E,\, N \setminus L)} P' \setminus L}\ \ E \cap L = \emptyset
\end{array}$$
The operational semantics for action transitions is set up such that $P \xrightarrow{(E, N)} P'$ may be read as follows: $P$ can evolve to $P'$ whenever the environment offers communications on all ports in $E$, but none on any port in $N$. More precisely, process $(E, N).P$ may engage in input action $(E, N)$ and then behave like $P$. The summation operator $+$ denotes nondeterministic choice, i.e., process $P + Q$ may either behave like $P$ or $Q$. Process $P \,|\, Q$ stands for the parallel composition of $P$ and $Q$ according to an interleaving semantics with synchronization on common ports. Rule Par1 describes the interaction of process $P$ with its environment $Q$. If $P$ can engage in an action transition labeled by $(E, N)$ to $P'$, then $P$ and $Q$ synchronize on the events in $E \cap \mathbb{I}(Q)$, provided that $Q$ does not offer a communication on a port in $N$, i.e., $N \cap \mathbb{I}(Q) = \emptyset$ holds. In this case, $P \,|\, Q$ can engage in an action transition labeled by $(E \setminus \mathbb{I}(Q), N)$ to $P' \,|\, Q$. Rule Par2 deals with the symmetric case, where the roles of $P$ and $Q$ are interchanged. The semantics of the disabling and enabling operators are tightly connected. Process $P \rhd Q$ may behave as $Q$, thereby permanently disabling $P$, or as $P \rhd_\sigma Q$. In the latter case only $P$ may proceed, and $Q$ is temporarily disabled until the next clock tick arrives. This allows for modeling Statecharts or-states, where process $P$ is on a lower level than $Q$. The disabling operator may also be thought of as a non-pre-emptive interrupt operator, where $Q$ is the interrupt handler (see Section 6). The restriction operator $\setminus L$ encapsulates all ports in $L$ and, thereby, allows the scoping of events. Accordingly, Rule Res states that process $P \setminus L$ can only engage in an action transition labeled by $(E, N)$, if there is no event in $E$ which is restricted by $L$. Moreover, the events in $L$ may be eliminated from $N$. Hence, the internal action $\bullet$ is produced from $(E, N)$, if the environment offers every event in $E$ and if all events in $N$ are restricted. Finally, process variable $X$, where $X = P$, is identified with a process that behaves as a distinguished solution of the equation $X = P$.

Table 3.3

Operational semantics (clock transitions)

$$\begin{array}{lll}
\textbf{tNil}\quad \dfrac{-}{\mathbf{0} \xrightarrow{\sigma} \mathbf{0}} &
\textbf{tAct}\quad \dfrac{-}{(E, N).P \xrightarrow{\sigma} (E, N).P}\ \ (E, N) \ne \bullet &
\textbf{tOut}\quad \dfrac{-}{[E]\sigma(P) \xrightarrow{\sigma} P} \\[3ex]
\textbf{tRec}\quad \dfrac{P \xrightarrow{\sigma} P'}{X \xrightarrow{\sigma} P'}\ \ X = P &
\textbf{tSum}\quad \dfrac{P \xrightarrow{\sigma} P' \quad Q \xrightarrow{\sigma} Q'}{P + Q \xrightarrow{\sigma} P' + Q'} &
\textbf{tPar}\quad \dfrac{P \xrightarrow{\sigma} P' \quad Q \xrightarrow{\sigma} Q'}{P \,|\, Q \xrightarrow{\sigma} P' \,|\, Q'}\ \ \bullet \notin I(P \,|\, Q) \\[3ex]
\textbf{tDis}\quad \dfrac{P \xrightarrow{\sigma} P' \quad Q \xrightarrow{\sigma} Q'}{P \rhd Q \xrightarrow{\sigma} P' \rhd Q'} &
\textbf{tEn}\quad \dfrac{P \xrightarrow{\sigma} P'}{P \rhd_\sigma Q \xrightarrow{\sigma} P' \rhd Q} &
\textbf{tRes}\quad \dfrac{P \xrightarrow{\sigma} P'}{P \setminus L \xrightarrow{\sigma} P' \setminus L}\ \ \bullet \notin I(P \setminus L)
\end{array}$$

The operational rules for clock transitions deal with the maximal progress assumption, i.e., if $\bullet \in I(P) =_{df} \{(E, N) \mid \exists P'.\ P \xrightarrow{(E, N)} P'\}$ then a clock tick $\sigma$ is inhibited. The reason that transitions other than those labeled by $\bullet$ do not have pre-emptive power is that these only indicate the potential of progress, whereas $\bullet$ denotes real progress in our framework. Rule tNil states that inaction process $\mathbf{0}$ can idle forever. Similarly, process $(E, N).P$ may idle for clock $\sigma$, whenever $(E, N) \ne \bullet$. The signal operator in process $[E]\sigma(P)$, which offers communications on the ports in $E$ to its environment, disappears as soon as the next clock tick arrives and, thereby, enables process $P$. Time has to proceed equally on both sides of summation, parallel composition, and disabling, i.e., $P + Q$, $P \,|\, Q$, and $P \rhd Q$ can engage in a clock transition if and only if both $P$ and $Q$ can. The side condition of Rule tPar implements maximal progress and states that there is no pending communication between $P$ and $Q$. The reason for the side condition in Rule tRes is that the restriction operator may turn observable input actions into the internal, unobservable input action $\bullet$ (see Rule Res) and, thereby, may pre-empt the considered clock transition. Finally, Rule tEn states that a clock tick switches the enabling to the disabling operator. Rule tRec does not require extra explanation.

The operational semantics for SPL possesses several pleasant algebraic properties which are known from timed process algebras [11, 35], such as (i) the idling property, i.e., $\bullet \notin I(P)$ implies $\exists P' \in \mathcal{P}.\ P \xrightarrow{\sigma} P'$, for all $P \in \mathcal{P}$, (ii) the maximal progress property, i.e., $\exists P' \in \mathcal{P}.\ P \xrightarrow{\sigma} P'$ implies $\bullet \notin I(P)$, for all $P \in \mathcal{P}$, and (iii) the time determinacy property, i.e., $P \xrightarrow{\sigma} P'$ and $P \xrightarrow{\sigma} P''$ implies $P' = P''$, for all $P, P', P'' \in \mathcal{P}$. Moreover, the summation and parallel operators are associative and commutative.
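As an added example that is not part of the paper, the following Python program interprets the rules of Tables 3.1 to 3.3 for finite SPL terms: it computes the initial output action set, the action transitions (including the side conditions of Par1, Par2 and Res) and the clock transition with its maximal-progress side conditions. The process encoding, the helper fs and the processes READY and BLOCKED are constructed for this example; EQS is assumed to hold guarded equations X = P.

```python
"""An interpreter for the SPL transition rules of Section 3.2 (worked example).
A process is ('nil',), ('var', X), ('pre', E, N, P), ('sig', E, P), ('sum', P, Q),
('dis', P, Q), ('en', P, Q), ('par', P, Q) or ('res', P, L); E, N, L are frozensets."""

NIL = ("nil",)
TAU = (frozenset(), frozenset())          # the internal action •
EQS = {}                                  # process variable -> body (assumed guarded)

def fs(*ports):
    return frozenset(ports)

def out_set(p):
    """Initial output action set of Table 3.1 (the paper's blackboard-bold I(P))."""
    k = p[0]
    if k == "sig":
        return p[1]
    if k in ("sum", "par", "dis"):
        return out_set(p[1]) | out_set(p[2])
    if k == "en":
        return out_set(p[1])
    if k == "res":
        return out_set(p[1]) - p[2]
    if k == "var":
        return out_set(EQS[p[1]])
    return frozenset()                    # 0 and (E,N).P signal nothing

def actions(p):
    """Action transitions of p as a set of ((E, N), p') pairs, per Table 3.2."""
    k, res = p[0], set()
    if k == "pre":                                          # Act
        res.add(((p[1], p[2]), p[3]))
    elif k == "var":                                        # Rec
        res = actions(EQS[p[1]])
    elif k == "sum":                                        # Sum1, Sum2
        res = actions(p[1]) | actions(p[2])
    elif k in ("dis", "en"):                                # Dis1, En: P moves, Q stays disabled
        res = {(a, ("en", q, p[2])) for a, q in actions(p[1])}
        if k == "dis":                                      # Dis2: Q pre-empts P for good
            res |= actions(p[2])
    elif k == "par":                                        # Par1, Par2
        for P, Q, left in ((p[1], p[2], True), (p[2], p[1], False)):
            for (E, N), P2 in actions(P):
                if not N & out_set(Q):                      # side condition N ∩ I(Q) = ∅
                    q = ("par", P2, Q) if left else ("par", Q, P2)
                    res.add(((E - out_set(Q), N), q))
    elif k == "res":                                        # Res: E ∩ L = ∅, L removed from N
        for (E, N), P2 in actions(p[1]):
            if not E & p[2]:
                res.add(((E, N - p[2]), ("res", P2, p[2])))
    return res

def tick(p):
    """The clock transition p --σ--> p' of Table 3.3, or None when σ is inhibited."""
    k = p[0]
    if k == "nil":                                          # tNil
        return p
    if k == "pre":                                          # tAct, needs (E,N) ≠ •
        return p if (p[1], p[2]) != TAU else None
    if k == "sig":                                          # tOut: the signal disappears
        return p[2]
    if k == "var":                                          # tRec
        return tick(EQS[p[1]])
    if k == "en":                                           # tEn: enabling becomes disabling
        a = tick(p[1])
        return None if a is None else ("dis", a, p[2])
    if k == "res":                                          # tRes, needs • ∉ I(P\L)
        a = tick(p[1])
        return None if a is None or TAU in {l for l, _ in actions(p)} else ("res", a, p[2])
    a, b = tick(p[1]), tick(p[2])                           # tSum, tDis, tPar
    if a is None or b is None:
        return None
    if k == "par" and TAU in {l for l, _ in actions(p)}:    # maximal progress
        return None
    return (k, a, b)

# Constructed processes: a receiver on port a beside a process signalling a ...
READY = ("par", ("pre", fs("a"), fs(), NIL), ("sig", fs("a"), NIL))
# ... and a receiver whose trigger requires a to be absent (priority via N)
BLOCKED = ("par", ("pre", fs("b"), fs("a"), NIL), ("sig", fs("a"), NIL))

if __name__ == "__main__":
    print(actions(READY), tick(READY))       # one • transition; the clock is inhibited
    print(actions(BLOCKED), tick(BLOCKED))   # no transition; the clock may tick
```

READY shows the synchrony hypothesis at work: the pending synchronization on a yields the internal action •, so no clock tick is possible until it has been taken, whereas BLOCKED cannot move at all while a is signalled and only regains its (b, {a}) transition after the tick removes the signal.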

3.3. A Behavioral Equivalence. As shown above, the SPL operational semantics interprets processes as labeled transition systems. However, from a semantic point of view, several transition systems might describe the same observable system behavior. For coping with this situation, standard process algebras introduce behavioral equivalences which relate processes, or transition systems, that describe the same intuitive behavior. One popular behavioral equivalence is bisimulation [24] which may be adapted to cater for SPL as follows.

Definition 3.1 (Bisimulation). Bisimulation equivalence, $\sim \subseteq \mathcal{P} \times \mathcal{P}$, is the largest symmetric relation such that whenever $P \sim Q$, the following conditions hold.

1. $\mathbb{I}(P) \subseteq \mathbb{I}(Q)$.

2. If $P \xrightarrow{\gamma} P'$, for $\gamma \in \Lambda \cup \{\sigma\}$, then $\exists Q' \in \mathcal{P}.\ Q \xrightarrow{\gamma} Q'$ and $P' \sim Q'$.

Note that SPL states, in contrast to traditional process algebras, also contain information in the form of initial output action sets. This special situation is taken care of by Condition (1). Traditional results in process algebra show that the above definition is well-formed and that bisimulation equivalence is indeed an equivalence. Other work [33] may be used to establish that $\sim$ is a congruence for SPL.

4. Embedding of Statecharts. In this section, we present an embedding of Statecharts terms in SPL, 
which is defined to be a mapping $[\![\cdot]\!]$ from Statecharts terms to SPL processes. Although the semantics of 
SPL is defined on a "micro-step level," our process algebra allows us to encode the synchrony hypothesis 
of Statecharts via maximal progress. More precisely, a macro step in Statecharts semantics corresponds 
to a sequence of SPL action transitions which is enclosed by clock transitions; such sequences implicitly 
contain the causal order inherent in a Statecharts macro step. This correspondence is the key for proving a 
one-to-one relationship between a Statechart and its embedding. 

4.1. Formalization of the Embedding. We start off by instantiating the process algebra SPL. We 
choose $\Pi \cup \neg\Pi$ for the set of ports $\Lambda$ and $\mathcal{N} \cup \{\hat{n} \mid n \in \mathcal{N}\} \cup T$ for the set of process variables $\mathcal{V}$. The necessity 
for including negated events in $\Lambda$ will become obvious later. We define the embedding $[\![\cdot]\!] : \mathcal{SC} \to \mathcal{P}$ 
inductively along the structure of Statecharts terms, as follows, where $\Sigma$ is the indexed version of $+$ satisfying 
$\Sigma\emptyset =_{df} 0$. 

1. If $s = [n]$, then $[\![s]\!] =_{df} n$ where $n =_{df} \hat{n} =_{df} 0$. 

2. If $s = [n : (s_1, \ldots, s_k); l; T]$ and $n_i = \mathrm{root}(s_i)$, for $1 \le i \le k$, then $[\![s]\!] =_{df} n$, where $n =_{df} \hat{n} =_{df} n_l$ 
and $n_i =_{df} \hat{n}_i \triangleright \Sigma\{\{\![t]\!\} \mid t \in T \text{ and } \mathrm{root}(\mathrm{out}(t)) = n_i\}$, together with the equations produced by 
$[\![s_1]\!], \ldots, [\![s_k]\!]$. The translation $\{\![t]\!\}$ of a transition $t$ will be defined later. 

3. If $s = [n : (s_1, \ldots, s_k)]$, then $[\![s]\!] =_{df} n$ where $n =_{df} \hat{n} =_{df} \mathrm{root}(s_1) \mid \cdots \mid \mathrm{root}(s_k)$, together with the 
equations produced by $[\![s_1]\!], \ldots, [\![s_k]\!]$. 

First, observe that the image of the embedding mapping is a process, defined via a process equation system, 
where the left-hand sides of the equations are process variables taken from the names of states and transitions. 
A basic state semantically corresponds to the inaction process $0$, whereas an or-state can either behave 
according to the process semantics of the embedding of the currently active state $s_l$, or it may leave $s_l$ by 
engaging in a transition $t \in T$ with $\mathrm{out}(t) = s_l$. Observe that an or-state is mapped using the disabling 
operator, which semantically resembles state hierarchy. The translation of an and-state, which allows one 
to specify parallel composition, straightforwardly maps its component states to the parallel composition of 
the processes resulting from the translations of each of these states. The interesting part of the definition 
of $[\![\cdot]\!]$ is the translation $\{\![t]\!\}$ of a transition $(t, i, E, A, j)$. In the following, $E'$ stands for $E \cap \Pi$, the set of 
positive events contained in $E$, and $N'$ denotes the set $\neg(E \cap \neg\Pi) \cup \neg A$, which includes the negated negative 
events in $E$ and the negation of the events in $A$. We define $\{\![t]\!\} =_{df} (E', N').t$ where $t =_{df} [A \cup (E \cap \neg\Pi)]\sigma(n_j)$, 
i.e., the translation splits a Statecharts transition $(t, i, E, A, j)$ in two parts, one handling its trigger $E$ and 
one executing its action $A$. In order to execute its trigger, all positive events in $E$ must be offered by the 
environment, and all negative events in $E$ must be absent. However, there is one more thing we have to obey 
when triggering a transition: global consistency. Especially, we must ensure that there is no transition in 
the same macro step which fires because of the absence of an event in $A$. Therefore, we include $\neg e$, where 
$e \in A$, in the set $N'$. Events of the form $\neg e$ are offered by process $t$ whenever transition $t$ triggers due to the 
absence of event $e$. Hence, $\{\![t]\!\}$ can evolve via an SPL transition labeled by $(E', N')$ to process $t$ whenever the 
trigger of $t$ is satisfied and whenever global consistency is guaranteed. Process $t$ signals that transition $t$ has 
Table 4.1 

Embedding of the Example Statechart 

The process equations of the embedding (left-hand side) and the transition system of the embedding (right-hand side) did not survive extraction. Legible on the left-hand side are the transition processes $t_1 =_{df} [\{b, \neg a\}]\sigma(n_2)$ and $t_3 =_{df} [\{a\}]\sigma(n_7)$, the process $t_2$ signaling $\{c\}$, the input actions $(\emptyset, \{a, \neg b\})$, $(\{b\}, \{\neg c\})$ and $(\{b\}, \{\neg a\})$ leading to $t_1$, $t_2$ and $t_3$, respectively, and the basic-state equations $n_4 =_{df} \hat{n}_4 =_{df} 0$, $n_5 =_{df} \hat{n}_5 =_{df} 0$ and $n_7 =_{df} \hat{n}_7 =_{df} 0$. 



been triggered. Accordingly, it offers the events in $A$ until the current macro step is completed, i.e., until a 
clock transition is executed. In order to ensure global consistency, process $t$ also offers the events in $E \cap \neg\Pi$. 
It is worth noting that SPL's two-level semantics of action and clock transitions allows for broadcasting 
events using SPL's synchronization mechanism together with its maximal progress assumption. 

We now return to our introductory example by presenting its formal translation to SPL in Table 4.1, 
left-hand side. The embedding's operational semantics is depicted on the right-hand side of Table 4.1, where 
the abbreviated state names on the right-hand side are defined in terms of the processes $(\{b\}, \{\neg a\}).t_3$ and 
$0 \triangleright (\{b\}, \{\neg a\}).t_3$. Moreover, the initial output action set $\mathcal{O}(P)$, for 
some $P \in \mathcal{P}$, is denoted next to the ellipse symbolizing state $P$, and the sets $N'$ appearing in the labels 
of transitions are underlined in order to distinguish them from the sets $E'$. Let us have a closer look at 
the leftmost path of the transition system, which passes the states $(n_1 \mid n_8)$, $(t_1 \mid n_8)$, $(t_1 \mid t_2)$, $(0 \mid n_6)$, $(0 \mid t_3)$, 
and $(0 \mid 0)$. The first three states are separated from the last three states by a clock transition. Hence, the 
considered sequence corresponds to two "potential" macro steps. We say "potential," since macro steps only 
emerge when composing our Statecharts embedding with an environment which triggers macro steps. The 
events needed to trigger the transitions and the actions produced by them can be extracted from a macro-step 
sequence as follows. For obtaining the trigger, consider all transition labels $(E', N')$ occurring in the 
sequence, add up all events in components $E'$, and include the negations of all positive events in components 
$N'$. Regarding the generated actions, consider the set of positive events in the initial output action sets of 
the states preceding the clock transition which signals the end of the macro step. Thus, the first potential 
macro step of the example sequence is triggered by $\neg a$ and produces events $b$ and $c$, whereas the second is 
triggered by $b$ and produces $a$. The state names along a sequence also indicate the transitions which have 
fired. More precisely, whenever a state includes a variable $t \in T$ at its top level, transition $t$ participates in 
the current macro step. Thus, for the first potential macro step, transitions $t_1$ and $t_2$ are chosen, whereas 
the second consists of transition $t_3$ only. Note that $t_3$ is not enabled in states $(t_1 \mid n_8)$ or $(t_1 \mid t_2)$, since event 
$\neg a$ is in their initial output action sets and $a \in \mathrm{act}(t_3)$. Hence, our embedding respects global consistency, 
which prohibits $t_1$ and $t_3$ from occurring in the same macro step. 
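To make the translation of transitions and the global-consistency argument above concrete, the following Python model is an added example (not code from the paper): it computes the input action $(E', N')$ and the output set of a transition from its trigger and action exactly as defined in Section 4.1, and replays one SPL path between two clock ticks on the three example transitions as read from Table 4.1. The notation `!a` for $\neg a$, the omission of source and target states, the flat list of candidate transitions and the `run_macro_step` loop are this example's own simplifications.

```python
"""SPL translation of Statecharts transitions (Section 4.1) and the
global-consistency check it enforces.  Added example, not the paper's code.
Constructed notation: the string "!a" stands for the negated event ¬a, and
an event belongs to Π (the positive events) iff it does not start with "!"."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

NEG = "!"


def neg(e: str) -> str:
    """Negate an event name: a -> !a and !a -> a (double negation cancels)."""
    return e[1:] if e.startswith(NEG) else NEG + e


def positive(e: str) -> bool:
    return not e.startswith(NEG)


@dataclass(frozen=True)
class Transition:
    """A Statecharts transition with name, trigger E and action A; source and
    target states are omitted (hypothetical simplification of (t, i, E, A, j))."""
    name: str
    trigger: FrozenSet[str]   # E: may contain negated events
    action: FrozenSet[str]    # A: positive events only


def spl_label(t: Transition) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Input action (E', N') of {[t]}: E' = E ∩ Π and N' = ¬(E ∩ ¬Π) ∪ ¬A.
    N' carries ¬e for every produced e, so that no transition of the same
    macro step may fire because of the absence of an event t generates."""
    e_prime = frozenset(e for e in t.trigger if positive(e))
    n_prime = frozenset(neg(e) for e in t.trigger if not positive(e))
    n_prime |= frozenset(neg(a) for a in t.action)
    return e_prime, n_prime


def spl_output(t: Transition) -> FrozenSet[str]:
    """Events signaled by process t = [A ∪ (E ∩ ¬Π)]σ(n_j) until the clock ticks."""
    return t.action | frozenset(e for e in t.trigger if not positive(e))


def enabled(t: Transition, offered: FrozenSet[str]) -> bool:
    """(E', N') synchronizes with the offered events iff all of E' are present
    and none of N' is; a ¬e in N' meeting a ¬e offered by an earlier
    transition is exactly the global-consistency clash from the text."""
    e_prime, n_prime = spl_label(t)
    return e_prime <= offered and not (n_prime & offered)


def run_macro_step(candidates: List[Transition], env: FrozenSet[str]):
    """Follow one SPL path between two clock ticks: fire the first enabled
    candidate in list order (one of the nondeterministic paths), keeping its
    outputs offered via the signal operator until no candidate is enabled.
    Simplification of the paper: the candidates are a flat list (no state
    hierarchy) and each fires at most once.  Returns the names of the fired
    transitions and the positive events the potential macro step produced."""
    offered = set(env)
    pending = list(candidates)
    fired: List[str] = []
    while True:
        t = next((c for c in pending if enabled(c, frozenset(offered))), None)
        if t is None:
            break  # only the clock transition remains: macro step complete
        fired.append(t.name)
        pending.remove(t)
        offered |= spl_output(t)
    produced = frozenset(e for e in offered - env if positive(e))
    return fired, produced


# Transitions of the paper's example as read from Table 4.1 (constructed data).
T1 = Transition("t1", frozenset({"!a"}), frozenset({"b"}))
T2 = Transition("t2", frozenset({"b"}), frozenset({"c"}))
T3 = Transition("t3", frozenset({"b"}), frozenset({"a"}))

if __name__ == "__main__":
    print(spl_label(T1))                              # (∅, {a, !b})
    print(run_macro_step([T1, T2, T3], frozenset()))  # t1, t2 fire; t3 blocked
    print(run_macro_step([T3], frozenset({"b"})))     # t3 fires and produces a
```

With an empty environment the loop fires $t_1$ and then $t_2$ while $t_3$ stays blocked by the offered $\neg a$, reproducing the first potential macro step of the leftmost path; with $b$ offered by the environment it fires $t_3$ alone.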


4.2. Generalization of the Embedding. As a technical means for proving the main result of this 
paper, which is stated in the next section, we generalize the embedding function to $[\![\cdot, \cdot]\!] : \mathcal{SC} \times 2^{T} \to \mathcal{P}$ in 
order to capture micro steps. Intuitively, $[\![s, T']\!]$ identifies the SPL process which $[\![s]\!]$ reaches when it engages in 
the transitions in $T'$. Formally, $[\![s, T']\!]$ is defined inductively over the structure of $s$ as follows. 


1. If $s = [n]$, then $[\![s, T']\!] =_{df} n$. 

2. If $s = [n : (s_1, \ldots, s_k); l; T]$, then 

$$[\![s, T']\!] =_{df} \begin{cases} [\![s_l, T']\!] \triangleright \Sigma\{\{\![t]\!\} \mid t \in T,\ \mathrm{out}(t) = s_l\} & \text{if } T' = \emptyset \\ [\![s_l, T']\!] \triangleright \Sigma\{\{\![t]\!\} \mid t \in T,\ \mathrm{out}(t) = s_l\} & \text{if } \emptyset \neq T' \subseteq \mathrm{trans}(s_l) \\ t' & \text{if } \emptyset \neq T' = \{t'\} \subseteq T,\ \mathrm{out}(t') = s_l \\ 0 & \text{otherwise} \end{cases}$$ 

3. If $s = [n : (s_1, \ldots, s_k)]$, then $[\![s, T']\!] =_{df} [\![s_1, T_1]\!] \mid \cdots \mid [\![s_k, T_k]\!]$, where $T_i =_{df} T' \cap \mathrm{trans}(s_i)$, $1 \le i \le k$. 

In our proof context, $T'$ is a prefix of a sequence of transitions generated by the step-construction function, 
i.e., $\mathcal{O}([\![s, T']\!]) = \bigcup_{t \in T'} \mathrm{act}(t)$ holds. The mapping $[\![\cdot, \cdot]\!]$ is a generalization of $[\![\cdot]\!]$ since $[\![s]\!] \equiv [\![s, \emptyset]\!]$, for all $s \in \mathcal{SC}$. 
Here, the symbol $\equiv$ stands for syntactic equality on processes up to "unfolding" of recursion. Formally, $\equiv$ is 
the largest congruence on $\mathcal{P}$ that contains syntactic equality and obeys the following property: ($P \equiv Q$ and 
$C =_{df} P$) implies $C \equiv Q$. 


5. Semantic Correspondence. For formalizing our intuition of the semantic relation between Statecharts 
terms and their SPL embeddings, we define a notion of SPL macro step by combining several transitions 
to a single step, as outlined in Section 4.1. Accordingly, we write $P \stackrel{E,A}{\Longrightarrow} P'$ if there exists some $P'' \in \mathcal{P}$ such 
that $(\mathrm{Env}_E \mid P) \setminus \Lambda\ (\xrightarrow{\bullet})^{*}\ (\mathrm{Env}_E \mid P'') \setminus \Lambda \xrightarrow{\sigma} (0 \mid P') \setminus \Lambda$ and $\mathcal{O}(P'') = A$, where $\mathrm{Env}_E =_{df} [E]\sigma(0)$. Intuitively, 
$P$ is placed in the context $(\mathrm{Env}_E \mid \cdot) \setminus \Lambda$, in which $\mathrm{Env}_E$ models a generic, single-step environment that offers 
the events in $E$ until clock tick $\sigma$ occurs. 


5.1. Step Correspondence. The following relation, which we refer to as step correspondence, provides 
the formal foundation for relating Statecharts macro steps and SPL macro steps. 

Definition 5.1 (Step Correspondence). A relation $\mathcal{R} \subseteq \mathcal{SC} \times \mathcal{P}$ is a step correspondence if for all 
$(s, P) \in \mathcal{R}$ and $E, A \subseteq \Pi$ the following conditions hold: 

1. $\forall s' \in \mathcal{SC}.\ s \stackrel{E,A}{\Longrightarrow} s'$ implies $\exists P' \in \mathcal{P}.\ P \stackrel{E,A}{\Longrightarrow} P'$ and $(s', P') \in \mathcal{R}$. 

2. $\forall P' \in \mathcal{P}.\ P \stackrel{E,A}{\Longrightarrow} P'$ implies $\exists s' \in \mathcal{SC}.\ s \stackrel{E,A}{\Longrightarrow} s'$ and $(s', P') \in \mathcal{R}$. 

We say that $s$ is step-correspondent to $P$ if $(s, P) \in \mathcal{R}$ for some step correspondence $\mathcal{R}$. 

Theorem 5.2 (Semantic Correspondence). Every $s \in \mathcal{SC}$ is step-correspondent to $[\![s]\!]$. 

Proof sketch. It is sufficient to establish that $\mathcal{R} =_{df} \{(s, [\![s]\!]) \mid s \in \mathcal{SC}\}$ is a step correspondence, which 
can be done by induction on the structure of $s$. Intuitively, one can show that, if $T = (t_1, \ldots, t_k)$ is a 
sequence of transitions of $s \in \mathcal{SC}$ generated by the step-construction function relative to the environment 
$E \subseteq \Pi$, then there exists a sequence of $k$ internal transitions from $(\mathrm{Env}_E \mid [\![s]\!]) \setminus \Lambda$ to a process which can only 
engage in a clock transition to $(0 \mid [\![\mathrm{update}(s, T)]\!]) \setminus \Lambda$. Moreover, the $l$th internal transition, where $1 \le l \le k$, 
corresponds to the firing of $t_l$ in $s$. Vice versa, if $(\mathrm{Env}_E \mid [\![s]\!]) \setminus \Lambda$ is the origin of an SPL path to a process 
which can only engage in a clock transition to $(0 \mid P') \setminus \Lambda$ and which mimics the triggering of a transition 
sequence $T = (t_1, \ldots, t_k)$, then $T$ can be generated by the step-construction function relative to $s$ and $E$. 
Moreover, $[\![\mathrm{update}(s, T)]\!] = P'$. 

The formalization of the above intuition requires the following auxiliary properties, where $s \in \mathcal{SC}$ and 
$E, A \subseteq \Pi$. Here, $T$ stands for an arbitrary prefix of the above transition sequence $(t_1, \ldots, t_k)$ interpreted as a 
set, i.e., $T = \{t_1, \ldots, t_l\}$ for some $0 \le l \le k$, and $\mathrm{act}(T)$ stands for $\bigcup_{t \in T} \mathrm{act}(t)$. 

1. $\exists t \in \mathrm{enabled}(s, E, A, T) \setminus T$ implies $[\![s, T]\!] \xrightarrow{(E', N')} P'$ for some $E', N' \subseteq \Lambda$ and $P' \in \mathcal{P}$, such that $P' = 
[\![s, T \cup \{t\}]\!]$, $E' = (\mathrm{ev}(t) \cap \Pi) \setminus \mathrm{act}(T)$, and $N' = \neg(\mathrm{ev}(t) \cap \neg\Pi) \cup \neg\mathrm{act}(t)$. 

2. $[\![s, T]\!] \xrightarrow{(E', N')} P'$ for some $E' \subseteq E$, $N' \cap (E \cup \neg A) = \emptyset$, and $P' \in \mathcal{P}$ implies $\exists t.\ P' = [\![s, T \cup \{t\}]\!]$, 
$t \in \mathrm{enabled}(s, E, A, T) \setminus T$, $E' = (\mathrm{ev}(t) \cap \Pi) \setminus \mathrm{act}(T)$, and $N' = \neg(\mathrm{ev}(t) \cap \neg\Pi) \cup \neg\mathrm{act}(t)$. 

3. $\mathrm{enabled}(s, E, A, T) \setminus T = \emptyset$ implies $[\![s, T]\!] \xrightarrow{\sigma} P'$ for some $P' \in \mathcal{P}$, where $P' = [\![\mathrm{update}(s, T), \emptyset]\!]$, and 
$\forall (E', N') \in \mathcal{I}([\![s, T]\!]).\ E' \setminus E \neq \emptyset$ or $N' \cap (E \cup \neg A) \neq \emptyset$. 

4. $[\![s, T]\!] \xrightarrow{\sigma} P'$ for some $P' \in \mathcal{P}$ and $E' \setminus E \neq \emptyset$ or $N' \cap (E \cup \neg A) \neq \emptyset$ for all $(E', N') \in \mathcal{I}([\![s, T]\!])$ 
implies $\mathrm{enabled}(s, E, A, T) \setminus T = \emptyset$ and $P' = [\![\mathrm{update}(s, T), \emptyset]\!]$. 

The above properties establish a micro-step level relationship between Statecharts terms and the processes 
occurring in their embedding. The proof of each property can be done by induction on the structure of $s$ and 
uses our extensions of the enabled function (cf. Section 2.3) and the embedding mapping (cf. Section 4.2). □ 

5.2. Preservation Results. We close the technical part by returning to the behavioral relation $\sim$ of 
bisimulation equivalence. First, we state a preservation result involving $\sim$ and SPL's macro-step semantics. 

Theorem 5.3. Let $P, P', Q \in \mathcal{P}$ such that $P \sim Q$ and $P \stackrel{E,A}{\Longrightarrow} P'$. Then $\exists Q' \in \mathcal{P}.\ Q \stackrel{E,A}{\Longrightarrow} Q'$ and $P' \sim Q'$. 

The validity of this theorem relies on the congruence property of $\sim$ for SPL. When combining the insights 
obtained by establishing Theorems 5.2 and 5.3, one may derive the following corollary, which relates bisimulation 
equivalence and Statecharts macro-step semantics. 

Corollary 5.4. Let $E, A \subseteq \Pi$, $s \in \mathcal{SC}$, and $P \in \mathcal{P}$ such that $[\![s]\!] \sim P$. Then 

1. $\forall s' \in \mathcal{SC}.\ s \stackrel{E,A}{\Longrightarrow} s'$ implies $\exists P' \in \mathcal{P}.\ P \stackrel{E,A}{\Longrightarrow} P'$ and $[\![s']\!] \sim P'$. 

2. $\forall P' \in \mathcal{P}.\ P \stackrel{E,A}{\Longrightarrow} P'$ implies $\exists s' \in \mathcal{SC}.\ s \stackrel{E,A}{\Longrightarrow} s'$ and $[\![s']\!] \sim P'$. 

6. Adaptability to Other Statecharts Variants. For Statecharts, a variety of different semantics 
has been introduced in the literature. The comparison paper [34] surveys over twenty Statecharts variants. 
In this section, we show how our approach can be adapted to these variants and, thereby, testify to its 
flexibility. We focus on the most relevant issues of Statecharts semantics, which are identified in [34]. 

As is immanent in this paper, we favor an operational semantics over a denotational one, since we 
feel that operational models are more intuitive and, therefore, easier to understand. Moreover, operational 
models provide an immediate interface to verification tools which implement state-exploration techniques. 
An important observation of this paper is that the concept of a single, global clock together with maximal 
progress is the key to providing a compositional, causal state-machine semantics for Statecharts. Although 
the semantics is defined on the micro-step level, it allows for an easy identification of macro steps. The clock 
enforces global synchronizations which mark the beginning and end of macro steps. Thus, macro steps are 
represented as sequences of micro steps, which encode the underlying causality of Statecharts semantics. 
In the Statecharts variant examined in this paper, two features are left out which are often adopted in 
other variants. One feature concerns inter-level transitions, i.e., transitions which cross the "borderlines" 
of Statecharts states and, thus, permit a style of "goto"-programming. Unfortunately, when allowing inter-level 
transitions the syntax of Statecharts terms cannot be defined compositionally and, consequently, neither can 
its semantics. The second feature left out is usually referred to as state reference and permits the triggering 
of a transition to depend on whether a certain parallel component is in a certain state. Such state 
references can be encoded in SPL's communication scheme by introducing special events $\mathrm{in}_n$, for $n \in \mathcal{N}$, 
which may appear in the trigger of transitions and which are signaled by a process if it is in state $n$. 

Another issue of Statecharts semantics concerns the question whether there exists a difference in sensing 
internal and external events. Usually, internal events are sensed within a macro step, but external events 
are not. Hence, events are instantaneous, i.e., an event exists only for the duration of the macro step under 
consideration. We achieve this semantics by using the signal operator, which stops the signaling of events as 
soon as the next clock tick arrives. However, in the semantics of Statemate [8] an event is only sensed in the 
macro step following the one in which it was generated. This behavior can be encoded in our embedding by 
basically splitting every state $t \in T$ into two states that are connected via a clock transition. 

The Statecharts concept of negated events forces transitions to be triggered only when certain events are 
absent. Negated events may be used for imposing priority between transitions and, thereby, for resolving 
nondeterministic choices. SPL adopts this concept by requiring input actions to be pairs of sets of events, one 
containing the events which must be present and the other the events which must be absent for triggering a 
transition. However, when permitting negated events in a macro-step semantics, one has to guarantee that 
the effect of a transition is not contradictory to its cause. Regarding this issue, one may distinguish two 
concepts: global consistency and local consistency. The former prohibits a transition containing a negative 
trigger event $\neg e$ from being executed if a micro step in the same macro step produces $e$. This is enforced in our 
embedding by offering $\neg e$ whenever a transition triggers due to the absence of $e$. Moreover, $\neg e$ is included 
in the set of events which need to be absent in all Statecharts transitions producing $e$. When leaving out 
the events $\neg e$ in our embedding, we obtain the weaker notion of local consistency, i.e., once an event $e$ is 
signaled in a micro step, no following micro step of the same macro step may fire if its trigger contains $\neg e$. 
Local consistency implicitly holds in our embedding since an event is always signaled until the next macro 
step begins, i.e., until a clock transition is executed. 

In addition to the possibility of encoding priorities between transitions via negated events, one may also 
introduce an implicit priority mechanism along state hierarchy, as is done, e.g., in Statemate [10]. More 
precisely, a transition leaving an or-state is given priority over any transition within this state, i.e., or-states 
may be viewed as pre-emptive interrupt operators. Considering this behavior in SPL requires one to modify 
the semantics of the disabling operator accordingly. However, such a modification does not introduce any 
new semantic issues, since the necessary concept of pre-emption is the same as for the synchrony hypothesis. 

7. Related Work. Achieving a compositional semantics for Statecharts is known to be a difficult task. 
The problems involved were systematically analyzed and investigated by Huizing and Gerth in the early 
nineties in the more general context of real-time reactive systems [15], for which three criteria have been 
found to be desirable: (i) responsiveness, which corresponds to the synchrony hypothesis of Statecharts, 
(ii) modularity, which refers to the aspect of compositionality, and (iii) causality. Huizing and Gerth proved 
that these properties cannot be combined in a single-leveled semantics. As a consequence, we followed their 
suggestion to study two-leveled semantics. In our approach, the three properties hold on different levels: 
compositionality holds on the micro-step level, i.e., the level of SPL action transitions, whereas responsiveness 
and causality are guaranteed on the macro-step level, i.e., the level on which sequences of SPL action transitions 
between global synchronizations, caused by clock ticks $\sigma$, are bundled together. 

Uselton and Smolka [31] and Levi [17] also focused on achieving a clean, compositional semantics for 
Statecharts by referring to process algebras. In contrast to our approach, Uselton and Smolka's notion of 
transition system involves complex labels of the form $(E, \prec)$, where $E$ is a set of events and $\prec$ a transitive, 
irreflexive order on $E$, for encoding causality. Unfortunately, their semantics suffers from some serious 
problems, as pointed out in [17, 18]. Essentially, the semantics does not correspond as intended to the 
Statecharts semantics of Pnueli and Shalev [28]. Levi repaired this shortcoming by modifying the domains of 
the arguments of $\prec$ to sets of events and by allowing empty steps to be represented explicitly. However, we 
believe that our semantics, where labels do not contain any order at all, profits from improved readability. 

Maggiolo-Schettini et al. considered a hierarchy of equivalences for Statecharts, including isomorphism 
and bisimulation, and studied congruence properties with respect to Statecharts operators [18]. For this 
purpose, they defined a compositional, operational macro-step semantics of Statecharts, which slightly differs 
from the one of Pnueli and Shalev since it does not allow the step-construction function to fail. In their 
semantics, labels of transitions consist of four-tuples which include information about causal orderings, 
global consistency, and negated events. This complexity prohibits an intuitive understanding of Statecharts 
semantics and an easy integration with existing analysis and verification tools. However, it should be noted 
that the semantic framework presented in [18] serves well for the purpose of studying certain algebraic 
properties of equivalences on Statecharts, such as full-abstractness results and axiomatizations [14, 15]. 

Another popular design language with a visual appeal like Statecharts and, moreover, a solid algebraic 
foundation is Argos [20]. However, the semantics of Argos, defined via SOS rules as labeled transition systems, 
significantly differs from classical Statecharts semantics. For example, Argos is deterministic, abstracts from 
“non-causal” Statecharts by semantically identifying them with a failure state, and allows a single parallel 
component to fire more than once within a macro step. 

Interfacing Statemate [10] to model-checking tools is a main objective in [16] and most recently also 
in a series of papers by Mikk et al. [21, 22, 23]. The first paper of this series includes a formalization of 
the semantics of Statemate, as defined in [8], within the specification formalism Z [30]. The second paper 
describes a translation from a subset of Statemate to hierarchical state automata which may be mapped to 
the specification language of the verification tool Spin [13], as shown in Mikk's third paper. 


8. Conclusions and Future Work. This paper presented a process-algebraic approach to defining a 
compositional semantics for Statecharts. Our technique translates Statecharts terms to terms in the process 
algebra SPL, which is expressive enough to model the semantic principles underlying Statecharts. SPL allows 
one to encode a "micro-step" semantics of Statecharts in the traditional SOS style; it is at this level that 
our semantics is compositional, as bisimulation may be shown to be a congruence for the language. The 
macro-step semantics may then be given in terms of a derived transition relation. This semantics cannot 
be compositional, as results of Huizing and Gerth have shown [15]. However, the algebraic basis of our 
semantics permits the investigation of, e.g., the largest congruence consonant within this semantics. Also, 
since these sequences essentially encode total closures of causal orders, partial order methods might be useful 
for avoiding unnecessary state explosion in practice [6]. Note that, although SPL is a newly developed process 
algebra, all of its semantic ingredients have already been studied in the process-algebra community. 



We demonstrated the utility of our technique by formally embedding the Statecharts semantics of [18], 
which is a slight variant of Pnueli and Shalev's semantics [28], in SPL. Our embedding is sound and complete 
in the sense that Statecharts terms and their embeddings mutually simulate each other. The benefits of 
our approach include (i) a uniform semantic framework for intuitively modeling the semantics of several 
Statecharts variants in a compositional style, (ii) a simple method for interfacing Statecharts to existing 
verification tools, such as the Concurrency Workbench of North Carolina (CWB-NC) [5], and (iii) the possibility 
of lifting behavioral equivalences from process algebras to Statecharts. We illustrated the viability of this 
last point by showing that bisimulation equivalence, which is a congruence for SPL, preserves Statecharts 
macro-step semantics. Finally, the paper gave insight into the close semantic relationship between process 
algebras and Statecharts and, thereby, testified to the practical importance of process algebras for design 
tools for reactive systems. 

Regarding future work, we plan to continue our investigation of behavioral equivalences for Statecharts 
in general, and "weak" equivalences in particular, by studying them for SPL. It may also be interesting to 
characterize the "Statecharts sub-algebra" of SPL. Moreover, we intend to implement SPL and our embedding 
in the CWB-NC. 